The trouble with quarantine
bastiaan at basenlily.me
Thu Mar 14 18:30:12 EDT 2013
I'm not sure if I wrote about this before but as I ran into it again
today and it may save a lot of people headaches I'll share this with
For many moons now, when you download something from the internet on Mac
OS X it gets marked to help prevent people from accidentally running
malicious software. When you start an application downloaded from the
internet you get a nice little message "this app has been downloaded
from the internet, are you really sure it is safe to run" or something
to that effect. If you answer yes the marker is removed and the
application will start.
If you download a ZIP file and then extract the zip file, the contents
of the zip file actually get the same marker.
Now with libraries the same thing applies but because the OS can't ask
you each time you start a library whether it is safe to run. A single
application may consist of a multitude of libraries (I'm not talking
about Omnis libraries here but dylibs, xcomps, etc).
So far this marker is pretty much ignored for libraries but we've
recently started running into situations, especially on OS X 10.8, but
also on several late 10.7 installs that libraries weren't being loaded.
I'm not sure what the trigger is but the approach does make sense, if
some malicous software manages to download and install some library you
don't want the OS to just load it up.
For us we ran into this downloading externals from the web, either new
xcomps from Tigerlogic or new xcomps from Brainy data. The ZIP files get
marked and when unzipped the xcomps get marked. Once the xcomps are
distributed to our clients those clients that have this protection
enabled suddenly had our application fail on them.
It's easy to fix though, after unzipping open up terminal and cd to the
location of the xcomp files. You can check if the marker is in place by
If marked it will return:
To remove the marker simply run:
xattr -d com.apple.quarantine myComponent.xcomp
Now the Mac OS X will load the xcomp just fine.
More information about the omnisdev-en